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Description 

[0001] The present invention relates to a method and 
apparatus for controlling the authenticity of application 
programs received from unsecured storage and for con- 
trolling data access by such programs as they run in a 
secure environment in a computer in order to preserve 
system security. 

[0002] The use of apparatus and programmed meth- 
ods to prevent application programs from accessing or 
modifying protected areas of storage in a data process- 
ing system are known in the operating system art. Ex- 
amples are the U.S. Patents 5,144,659 and 5,289,540 
to Richard P. Jones. Jones discloses hardware in the 
form of a programmable auxiliary memory and control 
unit on a disk drive adapter card which intercepts the 
control logic, address, and data signal paths between 
the central processing unit and the file storage. Once 
the hardware and associated software of the Jones sys- 
tem is installed, the operating system no longer controls 
or has access to the file system. In Jones, the auxiliary 
memory stores signatures of all valid files. The file sig- 
natures are simple cyclic redundancy code (CRC). Such 
signatures can protect against virus attack by detecting 
that the file has been changed by a virus since the CRC 
was last calculated. Such signature can not protect 
against hacker attack because it is a simple matter to 
calculate and append a new CRC after changing a pro- 
gram. 

[0003] More recently, the hardware central process- 
ing unit (CPU) itself has privilege levels built in that pro- 
tect memory segments having a level zero for example 
from being directly addressed by application programs 
running at level 3. An example appears in the Am486 
Microprocessor Software Users Manual published Jan- 
uary 1994 by Advanced Micro Devices at pages A-28 
through A-34. Although these circuits prevent direct ad- 
dressing of supervisor level memory space by level 3 
application programs, there will be times when such ac- 
cess is necessary and there is no mechanism in the mi- 
croprocessor for determining that the application pro- 
gram is authentic and that the data to be accessed is 
allocated to the authentic program. 
[0004] The use of encryption to verify the identity of 
users and the authenticity of programs or ID Cards is 
known. An example of such art is the IBM 4755 crypto- 
graphic adapter card. The teaching of the current art do 
not however show how to protect persistent data in a 
secure area when applications are loaded from non-se- 
cure sources. 

[0005] In computer systems that run multiple applica- 
tion programs, and have the ability to store long-term 
data for those programs, there is a need to protect each 
data area from application programs other than the one 
which created that area. The term "other programs" is 
meant to include both entirely different programs, and 
programs which may attempt to masquerade as the pro- 
gram that created the data. New versions of any pro- 
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gram, however, must be able to access the data areas 
created by the earlier versions of that same program. 
[0006] In this particular scenario, the data is persist- 
ent in computer memory, while the application programs 
5 themselves are not. The application programs are de- 
leted from memory when they are no longer needed, 
and then they are reloaded at a later time when their 
services are again required. The data areas used by 
each application program remain in the computer, 
stored on a persistent medium and managed by the 
computer's operating system. When an application pro- 
gram is reloaded, it must be given access to the data 
which it owns, but it must not be permitted to access 
data owned by another application program. In like man- 
ner, application programs that are operating concurrent- 
ly must not be able to access each others data. The pro- 
gram storage medium itself from which application pro- 
grams are reloaded is not necessarily protected in any 
way, so the application programs must be structured so 
that they carry their own protection from alteration, and 
so that they contain protected information that can be 
used to securely associate them with the data areas that 
they own. 

[0007] European Patent application 778520 discloses 
a system and method for executing verifiable programs 
with facility for using non-verifiable programs from trust- 
ed source. A computer system includes a program ex- 
ecuterthat executes verifiable architecture neutral pro- 
grams and a class loader that prohibits the loading and 
execution of non-verifiable programs unless (A) the non- 
verifiable program resides in a trusted repository of such 
programs, or (B) the non-verifiable program is indirectly 
verifiable by way of a digital signature on the non-veri- 
fiable program that proves the program was produced 
by a trusted source. 

[0008] The present invention overcomes the disad- 
vantages and limitations of the related art by providing 
a method, apparatus and computer program product as 
claimed in the appended claims. The invention efficient- 
ly verifies the authenticity of an application program be- 
ing loaded into a secure area from a non-secure area 
and associates the verified application program with its 
already existing data areas in persistent memory to the 
exclusion of other application programs. 
[0009] An advantage of the invented secure access 
control for persistent data areas is that application pro- 
grams may be loaded from a non-secure store and be 
given access to persistent data without compromising 
security. 

[0010] Yet another advantage of the invention is that 
the privilege levels of a processor may be utilized to pro- 
tect persistent data while allowing application programs 
access to the data even though such application pro- 
grams may not be resident in persistent memory. 
[0011] Embodiments of the invention will now be de- 
scribed with reference to the accompanying drawings, 
in which: 
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FIG. 1 is a is a block diagram of a computer system 
in which the invention finds utility. 

FIG. 2 is a block diagram of the improved operating 
system according to the invention. 

FIG. 3 is a flow diagram of an application program 
certification process according to the invention. 

FIG. 4 is a flow diagram of application program load 
and verification according to the invention. 

FIG. 5 is a flow diagram of application program ac- 
cess to a data area. 

[0012] Referring now to FIG. 1 , for the purpose of de- 
scribing the present invention in the context of a partic- 
ular embodiment, a typical personal computer architec- 
ture is shown, such as the configuration used in many 
IBM personal computers. The present invention may al- 
so be used in other digital computer architectures, such 
as mini-computer and mainframe computer environ- 
ments, and in local area and wide area computer net- 
works. It is only required that the computer be physically 
secure so as to prevent attackers from probing or chang- 
ing the circuits of the computer. In those circumstances 
where the computer itself cannot be made physically se- 
cure, a security card 1 1 having a secure module 1 3 such 
as shown in US Patents 5,159,629 and 5,027,397 may 
be employed in the embodiment of the invention. 
[0013] The processing element of the personal com- 
puter architecture is a microprocessor 15 which may, for 
example, be an INTEL 80486, Pentium or similar micro- 
processor. The microprocessor 1 5 is connected to a bus 
1 7 which comprises a set of data lines, a set of address 
lines and a set of control lines. A plurality of I/O devices 
including memory and storage devices are connected 
to the bus 1 7 through separate adapters. The I/O devic- 
es may be standard features of the personal computer, 
or plug-in options. For example, these devices may in- 
clude a color display 19 connected through a graphics 
adapter 21 , a keyboard 23 connected through an adapt- 
er 25 and a hard disk drive 27 connected through a SCSI 
adapter 29 as is known to be used in IBM computers 
and IBM-compatible computers. The other devices are 
either included as part of the personal computer or are 
available as plug-in options from the IBM Corporation 
and other suppliers. 

[0014] The random access memory (RAM) 31 and the 
read-only memory (ROM). 33 are included as standard 
equipment in a personal computer, although additional 
random access memory to supplement RAM 31 may be 
added via a plug-in memory expansion option. 
[0015] Within the ROM 33 are stored a plurality of in- 
structions, known as the basic input/output operating 
system, or BIOS, for execution by the microprocessor 
15. The BIOS controls the fundamental I/O operations 
of the computer. An operating system such as the IBM 



OS/2 operating system software by IBM Corporation, 
commonly used with the IBM personal computer family, 
is loaded into the RAM 31 and runs in conjunction with 
the BIOS stored in ROM 33. It will be understood by 

5 those skilled in the art that the personal computer sys- 
tem could be configured so that parts or all of the BIOS 
are stored in the RAM 31 rather than in the ROM 33 so 
as to allow modifications to the basic system operations 
by changes made to the BIOS program, which would 

10 then be readily loadable into the RAM 31 . Similarly, pro- 
grams, data, and knowledge representations stored in 
RAM 31 may be stored in ROM 33. 
[0016] As shown in FIG. 1 , a program 35 implement- 
ing the method of the invention is advantageously em- 

15 bodied as an article of manufacture by embedding the 
program into compact disc 37, or other portable storage 
media. Media 37 can be read by reader 39 connected 
to bus 1 7 by adapter 41 . Further, the program 35 may 
be embodied as a special purpose apparatus by storing 

20 the program's executable instructions in RAM 31 , ROM 
33, or a combination of both and or in DASD 27, acces- 
sible by the microprocessor 15 via adapter 29, for exe- 
cution by microprocessor 15. 

[001 7] In addition to use with the main microprocessor 
25 15 > the invention may be advantageously employed in 
special purpose devices such as the security card 11, 
also referred to as a cryptographic adapter 11 , which is 
connected to bus 1 7. Again the program 35 embodying 
the method of the invention may be implemented as a 
30 special purpose apparatus by storing the program's ex- 
ecutable instructions in RAM 53, ROM 55, or a combi- 
nation of both and/or loaded into RAM 53 from DASD 
27 as described above. Cryptographic adapter 11 also 
contains a cryptographic processing module 57 for effi- 
35 ciently executing algorithms such as the Data Encryp- 
tion Standard (DES) algorithm and the Rivest Shamir & 
Adleman (RSA) algorithm as examples of available al- 
gorithms. 

[0018] The preferred embodiment of the present in- 
40 vention is incorporated into and made a part of an op- 
erating system such as the IBM OS/2 operating system 
which is shown in block diagram form in Figure 2. For 
purposes of simplifying the description, the invention will 
be described as being embodied as part of the secure 
45 cryptographic adapter card 11 of Figure 1 and the non- 
secure application source for a certified application pro- 
gram according to the invention will be DASD 27, which 
is also shown in Figure 1 . 

[0019] In Figure 2, the operating system kernel 101 
50 appears in the center of the diagram. Kernel 101 per- 
forms the many system control functions that are need- 
ed to allow applications programs to be written and run 
efficiently on the computer. 

[0020] Allocation of memory to an application is one 
55 of the more important control functions performed by an 
operating system. As described in Chapter 4 Memory 
Management, of OS/2 Programmers Guide, written by 
Ed lacobucci and published in 1 988, the OS/2 operating 
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system allocates local address spaces for each appli- 
cation program and maps these local address spaces 
to real memory by means of Local Descriptor Tables. 
[0021] As a result, there is natural isolation between 
the memory segments of application programs. That is, 
segments allocated to one application program can not 
be viewed or modified by another application program. 
[0022] The above described method used by operat- 
ing systems executing on Intel 80286 and higher micro- 
processors works well for applications where both the 
application programs and their data areas are transitory 
in memory and a Local Descriptor Table can be set up 
and new memory allocated each time an application 
program is loaded into volatile memory. In situations 
where the data area must remain in a persistent memory 
such as a flash memory, some way must be provided to 
safely re-allocate the continuously existing memory ar- 
ea to an application program whose authenticity has 
been verified and has been re-loaded into memory. 
[0023] Before executing an application program being 
loaded from a DASD device for example, located out- 
side the secure environment, the authenticity of the ap- 
plication program must be verified. Otherwise an im- 
poster program may be loaded and the imposter pro- 
gram may attack the secure environment. Further, the 
re-allocation of a persistent memory area to the loaded 
program must preserve isolation and must not permit a 
memory area of another application program to be allo- 
cated to the newly loaded program. 
[0024] verification of authenticity is accomplished in 
loader 111 according to the invention by prior certifica- 
tion of application programs and verification of applica- 
tion programs before they are loaded into secure mem- 
ory. Isolation is accomplished by Security Relevant Data 
Item (SRDI) manager 1 09 according to the invention by 
comparing identification fields in a Data Area Table with 
application program identity. The Data Area Table is 
maintained for the purpose by a novel improvement to 
the operating system which will now be described with 
reference again to Figure 2. 

[0025] The RAM 53 and ROM 55 of Figure 1 are con- 
tained within secure module 13. RAM 53 and ROM 55 
contain the operating system which may be a subset of 
OS/2 in this cryptographic adapter card version of the 
invention. The kernel 101 manages memory allocation 
and other resources such as Data Encryption Standard 
Algorithm (DES) via DES resource manager 103 and 
Rivest Shamir & Adleman (RSA) via RSA resource man- 
ager 105. 

[0026] A persistent memory such as flash memory or 
battery powered memory is provided at 1 07. The real 
address space of persistent memory 1 07 is mapped into 
the Global Descriptor Table and therefore is always 
available to the operating system and does not go away 
when an application using memory 1 07 stops running in 
memory 53. Allocation of addresses within memory 1 07 
to an application program is handled by SRDI manager 
109 of the invention. 
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[0027] An improved program loader according to the 
invention is provided at 111 in order to bring in and re- 
load an application program from un -protected DASD 
113 or some other un-protected external medium. The 

5 physical protection provided to the circuits within secure 
module 1 3 can be reasonably provided but the cost and 
complexity to physically protect a DASD device from at- 
tack is not practical at this time. Accordingly it is neces- 
sary to ensure that an application program loaded from 

10 DASD 27 has not been modified or substituted as part 
of an attack on the system. This is accomplished by pro- 
gram loader 1 1 1 using encryption resources available to 
the operating system. 

[0028] Before an application program is loaded and 

15 used, it is certified by the computer system owner or 
manufacturer or some other central party responsible 
for the control and security of the system. Certification 
is accomplished using the cryptographic facilities of se- 
curity card 1 1 according to the invention as shown in the 

20 flow diagram of Figure 3. 

[0029] In Figure 3, a unique name N A is selected for 
the program A at block 201 and stored at block 203. The 
name does not have to possess any special character- 
istics but only has to be unique within the domain of 

25 names of programs that will be certified by this particular 
authority. The name N A and the program P A as input at 
205 are combined into a single, contiguous data object 
at block 207 and stored at block 209. Although other 
methods are possible, in the preferred embodiment, 

30 combination is done by concatenating N A to P A . The 
combined object is referred to as P A N A . 
[0030] At block 21 1 , a hash is calculated over P A N A 
to get H(P A N A ). H(P A N A ) will be of a consistent length, 
regardless of the size of P A N A . Also, public key tech- 

35 niques can usually only encrypt data that is less than 
the size of the key modulus such as 1 024 bits for a typ- 
ical RSA key. 

[0031] At block 215, the certifying authority calculates 
a digital signature DSIG, over H(P A N A ), using a private 

40 key K PR retrieved at block 213 from secure persistent 
storage. The result of this encryption is the digital sig- 
nature, DSIG. K PR is the private key of a public/private 
key pair. The corresponding public key K PU , is made 
available at every computer system where the authority 

45 expects programs certified with Kp R to be used. 

[0032] The digital signature may be calculated using 
any of a number of well known techniques, including but 
not limited to digital signature algorithms RSA and DSA, 
and hashing algorithms SHA-1, MD5, MD4, and MDC. 

so [0033] DSIG is attached at block 21 7 to the combined 
program/name object PaN a and stored at block 21 9, so 
that the signature DSIG is carried with the program 
when it is distributed and when it is loaded into a com- 
puter system. This final distributed object, containing the 

55 program, the name, and the digital signature, is referred 
to as Certified Program A (CP A ). The certified program 
can now be distributed at block 221 to end user locations 
having a secure area with persistent storage and an op- 
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erating system according to the invention. 
[0034] When an operating system according to the in- 
vention loads a program into a computer system, it ver- 
ifies the authenticity of the program itself and of the pro- 
gram name, by verifying the attached digital signature 
DSIG. As stated above, the public key K PU , is available 
to every computer system where program P A needs to 
be used. 

[0035] Referring now to Figure 4, the computer's op- 
erating system will, according to the invention, perform 
the following steps when loading the program for exe- 
cution: 

[0036] At block 301 , the certified program object CP A 
is separated into the digital signature DSIG, and the 
combined program/name object P A N A . 
[0037] Verifying that DSIG is a valid signature for the 
program and its name in object P A N A is accomplished 
using public key K PU according to the following steps. 
First the digital signature DSIG is decrypted at block 303 
using the public key K PU . If the signature DSIG was in- 
deed created with the corresponding private key, the re- 
sult of this decryption will be the hash H*(P A N A ). 
[0038] Next the hash H(P A N A ) is calculated at block 
305 in the same way as it was done during certification. 
At block 307 the results from block 303 and 305 are com- 
pared to see if H(P A N A ) = H'(P A N A ). If they are equal, 
the digital signature verifies and proves that P A N A was 
signed by the certifying authority and it also proves that 
P A N A has not been modified. 

[0039] If the signature is not correct, the loading proc- 
ess is aborted at block 309. If the signature is correct, 
the object P A N A is separated at block 311 into the pro- 
gram PA and the program name N A . The program name 
N A is saved in a data area attribute table at block 313 in 
operating system storage, where it cannot be altered by 
any program other than the operating system itself. At 
block 315 the program is loaded and at block 317 exe- 
cution of program P A is started. 

[0040] All program owned persistent data areas are 
managed by the computer's operating system. They 
cannot be accessed directly by an application program, 
without making a request to the operating system serv- 
ices. 

[0041] When a program asks the operating system to 
allocate a new persistent data area, the operating sys- 
tem looks up the name of the program and stores it in a 
way that permanently associates it with that persistent 
data area. Thus, every persistent data area has at- 
tached to it a permanent, unalterable owner name field. 
[0042] At some later time, when a program requests 
access to an existing data area, the operating system 
verifies that the requesting program is the creator, and 
hence the owner, of the data area. It compares the pro- 
gram's name, which it saved at the time of program load- 
ing, to the owner name which is attached to the data 
area itself. If the two are not identical, the program is not 
permitted access to the requested data area. This 
mechanism prevents any program from obtaining ac- 



cess to any other program's data, if we can guarantee 
that the program name cannot be forged in any way. 
That guarantee is provided through the program certifi- 
cation and program loading processes described 
s above. 

[0043] It will be understood that comparison of the 
unique application program name to the data area own- 
er name need not be an exact match and other partial 
or complete comparisons will serve better in some sys- 
tems. For example, there may be a family of programs 
that require access to the same persistent data area and 
to accomplish such access permission, all names may 
be assigned by the certifying authority to begin with the 
same characters but end with differing suffixes. The XYZ 
family of programs may include XYZA, XYZB, etc. In this 
example, only the xyz portion of the name will be re- 
quired to match the persistent data area owner name. 
Like wise, matches may be other than exact matches 
but may be complements, reversed order characters 
and other such variations with out departing from the 
scope of the invention. 

[0044] Data area access control is illustrated in the 
flow diagram of Figure 5, where the following steps take 
place. Application program A, which has the name N A , 
requests at block 401 , access to data area D2. This re- 
quest goes to the SRDI manager 109 at block 403 fol- 
lowing the dashed line paths. The SRDI manager re- 
trieves the name N A that it saved for program A when 
that program was loaded. The SRDI manager then ex- 
amines the owner name associated with data area D2. 
[0045] The SRDI manager compares the two values 
at block 405, and finds at block 407 that the requester 
Name (N A ) equals the data Owner name (N A ), and ac- 
cess can be granted by allocating at block 409 the data 
area D2 to the Local Descriptor Table of program A. 
[0046] Figure 5 also shows, in solid line paths, an at- 
tempt to access a data area that is owned by a different 
program where the following steps take place. Applica- 
tion program A, which has the name N A , requests at 
block 402, access to data area D1. This request goes 
to the SRDI manager at block 403 by the solid line paths. 
The SRDI manager retrieves the name it saved for pro- 
gram A when that program was loaded. Again this name 
is N A . The SRDI manager then examines the owner 
name associated with data area D1 , and finds that this 
name is N B . At block 405, the SRDI manager compares 
the two values, and since the requester name (N A ) is 
not equal to the data owner name (N B ), access is denied 
without allocating memory and therefore program A can 
not access data owned by program B. It will be under- 
stood that although in this preferred embodiment, com- 
parison was conducted for equality, other comparisons 
can alternately be performed in order to match the pro- 
gram name to the data owner's name. 
[0047] It will be understood that allowing access to a 
data area in persistent memory can be accomplished by 
allocation as described above or by actually copying da- 
ta from an area allocated by its Local Descriptor Table 
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to the SRDI manager at protection level zero, to another 
area In RAM. This other area in RAM is allocated by the 
Local Descriptor Table of the SRDI manager at level ze- 
ro and will also be allocated to the requesting application 
program via its Local Descriptor Table at level three. s 
[0048] This invention provides a secure way to asso- 
ciate persistent data in a secure area with transient ap- 
plication programs that originate outside the secure ar- 
ea. When a program is loaded, its authenticity is verified 
and it is automatically associated with data areas it ere- 10 
ated, and no program can obtain access to any data ar- 
ea created by a different program. 



Claims 15 

1 . A method for certifying the authenticity of a program 
P so that program P can be stored externally to a 
secure area and loaded into and executed in the 
secure area comprising the acts of: 20 

selecting a unique name N for the program P; 

combining N and P into a single contiguous ob- 
ject PN; 25 



used to generate DPN, is a valid signature for 
the object PN; 

separating a program P from a name N of the 
object PN; 

loading program P into memory for execution; 

storing name N in protected operating system 
memory for later use in allowing access by pro- 
gram P to a data file stored in a memory in the 
secure area. 

3. Method of claim 2 further comprising acts of: 

receiving at the operating system, a request by 
the program P for access to a data object; 

retrieving from protected memory, the name N 
of program P; 

retrieving from the data object D an owner 
name n; 

comparing the name N with the owner name n; 



calculating a digital signature DPN from PN us- 
ing a private key of a private-public key pair al- 
gorithm; 

30 

attaching the digital signature DPN to the object 
PN to obtain a certified program; 

distributing a public key, corresponding to the 
private key of the private-public key pair algo- 35 
rithm, so that said public key is available in each 
secure area where the program P will be loaded 
and executed. 

2. A method for loading a program, certified in accord- *o 
ance with the method of claim 1 , from external stor- 
age into a secure area for execution in the secure 
area, the method comprising the acts of: 

requesting an operating system resident in the 
secure area to load a certified program; 

retrieving the certified program from external 
storage into operating system protected mode 
memory; so 

separating in protected mode memory in the 
secure area, the digital signature DPN from the 
object PN of the certified program; 

55 

validating that digital signature DPN, using a 
public key corresponding to the private key of 
a public-private key pair algorithm which was 



granting access by program P to data object D 
when name N and owner name n match; and 

denying access by program P to data object D 
when name N and owner name n do not match. 

4. Apparatus for certifying the authenticity of a pro- 
gram P so that program P can be stored externally 
to a secure area and loaded into and executed in 
the secure area comprising: 

means for selecting a unique name N for the 
program P; 

means for combin ing N and P into a single con- 
tiguous object PN; 

means for calculating a digital signature DPN 
from PN using a private key of a private-public 
key pair algorithm; 

means for attaching the digital signature DPN 
to the object PN to obtain a certified program; 

means for distributing a public key correspond- 
ing to the private key of the private-public key 
pair algorithm, so that said public key is avail- 
able in each secure area where the program P 
will be loaded and executed. 

5. Apparatus for loading a program, certified by the 
method of claim 1 , from external storage into a se- 
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cure area for execution in the secure area, compris- 
ing: 

means for requesting an operating system res- 
ident in the secure area load a certified pro- 5 
gram; 

means for retrieving the certified program from 
external storage into operating system protect- 
ed mode memory; 10 

means for separating in protected mode mem- 
ory in the secure area, the digital signature DPN 
from the object PN of the certified program; 

15 

means for validating that digital signature DPN, 
using a public key corresponding to the private 
key of a public-private key pair algorithm which 
was used to generate DPN, is a valid signature 
for the object PN; 20 

means for separating a program P from a name 
N of the object PN; 

means for loading program P into memory for 25 
execution; 

means for storing name N in protected operat- 
ing system memory for later use in allowing ac- 
cess by program P to a data file stored in a 30 
memory in the secure area. 

6. Apparatus of claim 5 further comprising: 

means for receiving at the operating system, a 35 
request by the program P for access to a data 
object; 

means for retrieving from protected memory, 
the name N of program P; *o 

means for retrieving from the data object D an 
owner name n; 

means for comparing the name N with the own- 45 
er name n; 

means for granting access by program P to da- 
ta object D when name N and owner name n 
match, and denying access by program P to da- so 
ta object D when name N and owner name n 
do not match. 

7. A computer program product having a computer 
readable medium having computer program logic 55 
recorded thereon for certifying the authenticity of a 
program P so that program P can be stored exter- 
nally to a secure area and loaded into and executed 



in the secure area, the program product comprising: 

means for selecting a unique name N for the 
program P; 

means for combining N and P into a single con- 
tiguous object PN; 

means for calculating a digital signature DPN 
from PN using a private key of a private-public 
key pair algorithm; 

means for attaching the digital signature DPN 
to the object PN to obtain a certified program; 

means for distributing a public key, correspond- 
ing to the private key of the private-public key 
pair algorithm, so that said public key is avail- 
able in each secure area where the program P 
will be loaded and executed. 

8. A computer program product having a computer 
readable medium having computer program logic 
recorded thereon for loading a program, certified by 
the method of claim 1 , from external storage into a 
secure area for execution in the secure area, the 
program product comprising: 

means for requesting an operating system res- 
ident in the secure area load a certified pro- 
gram; 

means for retrieving the certified program from 
external storage into operating system protect- 
ed mode memory; 

means for separating in protected mode mem- 
ory in the secure area, the digital signature DPN 
from the object PN of the certified program; 

means for validating that digital signature DPN, 
using a public key corresponding to the private 
key of a public-private key pair algorithm which 
was used to generate DPN, is a valid signature 
for the object PN; 

means for separating a program P from a name 
N of the object PN; 

means for loading program P into memory for 
execution; 

means for storing name N in protected operat- 
ing system memory for later use in allowing ac- 
cess by program P to a data file stored in a 
memory in the secure area. 

9. Computer program product of claim 8 further com- 
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prising: 



fasst: 



means for receiving at the operating system, a 
request by the program P for access to a data 
object; s 

means for retrieving from protected memory, 
the name N of program P; 

means for retrieving from the data object D an 10 
owner name n; 

means for comparing the name N with the own- 
er name n; 



means for granting access by program P to da- 
ta object D when name N and owner name n 
match, and denying access by program P to da- 
ta object D when name N and owner name n 
do not match. 



Patentanspruche 

1 . Verfahren zum Zertifizieren der Echtheit eines Pro- 
gramms P, so dass das Programm P auBerhalb ei- 
nes sicheren Bereichs gespeichert und in den si- 
cheren Bereich geladen und in diesem ausgefuhrt 
werden kann, das die folgenden Vorgange umfasst: 

Auswahlen eines eindeutigen Namens N fur 
das Programm P; 

Verknupfen von N und P in einem einzigen zu- 
sammenhangenden Objekt PN; 

Berechnen einer digitalen Signatur DPN aus 
PN unter Verwendung eines privaten Schlus- 
sels eines Algorithmus fur ein privates/off entli- 
ches Schliisselpaar; 

Anhangen der digitalen Signatur DPN an das 
Objekt PN, um ein zertifiziertes Programm zu 
erhalten; 

Verteilen eines offentlichen Schlussels, der 
dem privaten Schlussel des Algorithmus fur ein 
privates/offentliches Schliisselpaar entspricht, 
so dass der offentliche Schlussel in jedem si- 
cheren Bereich verfugbar ist, in den das Pro- 
gramm P geladen und in dem es ausgefuhrt 
wird. 

2. Verfahren zum Laden eines Programms, das ge- 
ma3 dem Verfahren nach Anspruch 1 zertifiziert 
wurde, aus einem externen Speicher in einen siche- 
ren Bereich zur Ausfuhrung im sicheren Bereich, 
wobei das Verfahren die folgenden Vorgange um- 



15 



20 



25 



30 



40 



45 



50 



55 



Anfordern eines im sicheren Bereich befindli- 
chen Betriebssystems, um ein zertifiziertes 
Programm zu laden; 

Abrufen des zertifizierten Programms aus dem 
externen Speicher in einen Betriebssystem- 
speicher im geschutzten Modus; 

Trennen der digitalen Signatur DPN vom Ob- 
jekt PN des zertifizierten Programms im Spei- 
cher im geschutzten Modus im sicheren Be- 
reich; 

Uberprufen unter Verwendung eines offentli- 
chen Schlussels, der dem privaten Schlussel 
eines Algorithmus fur ein offentliches/privates 
Schliisselpaar entspricht, der zum Erzeugen 
von DPN verwendet wurde, ob die digitale Si- 
gnatur DPN einegultige Signatur fur das Objekt 
PN ist; 

Trennen eines Programms P von einem Na- 
men N des Objektes PN; 

Laden des Programms P in den Speicher zur 
Ausfuhrung; 

Speichern des Namens N in den geschutzten 
Betriebssystemspeicher zur spateren Verwen- 
dung beim Erteilen des Zugriffs auf eine in ei- 
nem Speicher im sicheren Bereich gespeicher- 
te Datendatei durch das Programm P. 

Verfahren nach Anspruch 2, das auBerdem die fol- 
genden Vorgange umfasst: 

Empfangen einer Anforderung vom Programm 
P fur den Zugriff auf ein Datenobjekt im Be- 
triebssystem; 

Abrufen des Namens N des Programms P aus 
dem geschutzten Speicher; 

Abrufen eines Eignernamens n aus dem Da- 
tenobjekt D; 

Vergleichen des Namens N mit dem Eignerna- 
men n; 

Erteilen des Zugriffs auf das Datenobjekt D 
durch das Programm P, wenn der Name N und 
der Eignername n ubereinstimmen; 

Verweigern des Zugriffs auf das Datenobjekt D 
durch das Programm P, wenn der Name N und 
der Eignername n nicht ubereinstimmen. 
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4. Vorrichtung zum Zertifizieren der Echtheit eines 
Programms P, so dass das Programm P auBerhalb 
eines sicheren Bereichs gespeichert und in den si- 
cheren Bereich geladen und in diesem ausgefuhrt 
werden kann, die Folgendes umfasst: s 

Mittei zum Auswahlen eines eindeutigen Na- 
me ns N fur das Programm P; 

Mittei zum Verknupfen von N und P in einem io 
einzigen zusammenhangenden Objekt PN; 

Mittei zum Berechnen einer digitalen Signatur 
DPN aus PN unter Verwendung eines privaten 
Schlussels eines Algorithmus fur ein privates/ is 
offentliches Schlusselpaar; 

Mittei zum Anhangen der digitalen Signatur 
DPN an das Objekt PN, urn ein zertifiziertes 
Programm zu erhalten; 20 

Mittei zum Verteilen eines offentlichen Schlus- 
sels, der dem privaten Schlussel des Algorith- 
mus fur ein privates/dffentliches Schlusselpaar 
entspricht, so dass der offentliche Schlussel in 25 
jedem sicheren Bereich verfugbar ist, in den 
das Programm P geladen und in dem es aus- 
gefuhrt wird. 

5. Vorrichtung zum Laden eines Programms, das ge- 30 
maB dem Verfahren nach Anspruch 1 zertifiziert 
wurde, aus einem externen Speicherin einen siche- 
ren Bereich zur Ausfuhrung im sicheren Bereich, 

die Folgendes umfasst: 

35 

Mittei zum Anfordern eines im sicheren Bereich 
befindlichen Betriebssystems, um ein zertifi- 
ziertes Programm zu laden; 

Mittei zum Abrufen des zertifizierten Pro- *o 
gramms aus dem externen Speicher in einen 
Betriebssystemspeicher im geschiitzten Mo- 
dus; 

Mittei zum Trennen der digitalen Signatur DPN 45 
vom Objekt PN des zertifizierten Programms im 
Speicher im geschiitzten Modus im sicheren 
Bereich; 

Mittei zum Uberpriifen unter Verwendung eines so 
offentlichen Schlussels, der dem privaten 
Schlussel eines Algorithmus fur ein offentli- 
ches/privates Schlusselpaar entspricht, der 
zum Erzeugen von DPN verwendet wurde, ob 
die digitale Signatur DPN eine gultige Signatur ss 
fur das Objekt PN ist; 

Mittei zum Trennen eines Programms P von ei- 



nem Namen N des Objektes PN; 

Mittei zum Laden des Programms P in den 
Speicher zur Ausfuhrung; 

Mittei zum Speichern des Namens N im ge- 
schiitzten Betriebssystemspeicher zur spate- 
ren Verwendung beim Gestatten des Zugriffs 
auf eine in einem Speicher im sicheren Bereich 
gespeicherte Datendatei durch das Programm 
P. 

6. Vorrichtung nach Anspruch 5, die auBerdem Fol- 
gendes umfasst: 

Mittei zum Empfangen einer Anforderung vom 
Programm P fur den Zugriff auf ein Datenobjekt 
im Betriebssystem; 

Mittei zum Abrufen des Namens N des Pro- 
gramms P aus dem geschiitzten Speicher; 

Mittei zum Abrufen eines Eignernamens n aus 
dem Datenobjekt D; 

Mittei zum Vergleichen des Namens N mit dem 
Eignemamen n; 

Mittei zum Erteilen des Zugriffs auf das Daten- 
objekt D durch das Programm P, wenn der Na- 
me N und der Eignername n ubereinstimmen, 
und zum Verweigern des Zugriffs auf das Da- 
tenobjekt D durch das Programm P, wenn der 
Name N und der Eignername n nicht uberein- 
stimmen. 

7. Computerprogrammprodukt mit einem computer- 
lesbaren Medium, das eine darauf aufgezeichnete 
Computerprogrammlogik zum Zertifizieren der 
Echtheit eines Programms P aufweist, so dass das 
Programm P auBerhalb eines sicheren Bereichs 
gespeichert und in den sicheren Bereich geladen 
und in diesem ausgefuhrt werden kann, wobei das 
Programmprodukt Folgendes umfasst: 

Mittei zum Auswahlen eines eindeutigen Na- 
mens N fur das Programm P; 

Mittei zum Verknupfen von N und P in einem 
einzigen zusammenhangenden Objekt PN; 

Mittei zum Berechnen einer digitalen Signatur 
DPN aus PN unter Verwendung eines privaten 
Schlussels eines Algorithmus fur ein privates/ 
offentliches Schlusselpaar; 

Mittei zum Anhangen der digitalen Signatur 
DPN an das Objekt PN, um ein zertfiziertes 
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Programm zu erhatten; 

Mittel zum Verteilen eines offentlichen Schlus- 
sels, der dem privaten Schlussel des Algorith- 
mus fur ein privates/offentliches Schlusselpaar s 
entspricht, so dass der offentliche Schlussel in 
jedem slcheren Bereich verfugbar ist, in den 
das Programm P geladen und in dem es aus- 
gefuhrt wird. 

10 

8. Computerprogrammprodukt mit elnem compute- 
riesbaren Medium, das eine darauf aufgezeichnete 
Computerprogrammlogik zum Laden eines gemaG 
dem Verfahren nach Anspruch 1 zertifizierten Pro- 
gramms aus einem extemen Speicher in einen si- 15 
cheren Bereich zur Ausfuhrung im sicheren Bereich 
aufweist, wobei das Programmprodukt Folgendes 
umfasst: 

Mittel zum Anfordern eines im sicheren Bereich 20 
befindlichen Betriebssystems, urn ein zertifi- 
ziertes Programm zu laden; 

Mittel zum Abrufen des zertifizierten Pro- 
gramms aus dem externen Speicher in den Be- 25 
triebssystemspeicher im geschutzten Modus; 

Mittel zum Trennen der digitalen Signatur DPN 
vom Objekt PN des zertifizierten Programms im 
Speicher im geschutzten Modus im sicheren 30 
Bereich; 

Mittel zum Uberpriifen unter Verwendung eines 
offentlichen Schlussels, der dem privaten 
Schlussel eines Algorithmus fur ein offentli- 35 
ches/privates Schlusselpaar entspricht, der 
zum Erzeugen von DPN verwendet wurde, ob 
die digftale Signatur DPN eine gultige Signatur 
fur das Objekt PN ist; 

40 

Mittel zum Trennen eines Programms P von ei- 
nem Namen N des Objektes PN; 

Mittel zum Laden des Programms P in den 
Speicher zur Ausfuhrung; 45 

Mittel zum Speichem des Namens N im ge- 
schutzten Betriebssystemspeicher zur spate- 
ren Verwendung beim Erteilen des Zugriffs auf 
eine in einem Speicher im sicheren Bereich ge- so 
speicherte Datendatei durch das Programm P. 

9. Computerprogrammprodukt nach Anspruch 8, das 
auGerdem Folgendes umfasst: 

55 

Mittel zum Empfangen einer Anforderung vom 
Programm P zum Zugriff auf ein Datenobjekt 
im Betriebssystem; 



Mittel zum Abrufen des Namens N des Pro- 
gramms P aus dem geschutzten Speicher; 

Mittel zum Abrufen eines Eignernamens n aus 
dem Datenobjekt D; 

Mittel zum Vergleichen des Namens N mit dem 
Eignernamen n; 

Mittel zum Erteilen des Zugriffs auf das Daten- 
objekt D durch das Programm P, wenn der Na- 
me N und der Eignername n ubereinstimmen, 
und zum Verweigern des Zugriffs auf das Da- 
tenobjekt D durch das Programm P, wenn der 
Name N und der Eignername n nicht uberein- 
stimmen. 



Revendications 

1. Precede servant a certifier Pauthenticite d'un pro- 
gramme P pour que le programme P puisse etre 
enregistre en exteme dans une zone securisee et 
chargg sur et execute dans la zone securisee, le 
precede comprenant les phases qui consistent a : 

choisir un nom unique N pour le programme P ; 

combiner N et P en un seul objet continu PN; 

calculer une signature numerique DPN a partir 
de PN en utilisant la cle privee d'un algorithme 
de paire de cles privee-publique ; 

rattacher la signature numdrique DPN a Tobjet 
PN pour obtenir un programme certifie ; 

distribuer unec!6 publique, correspondant a la 
cl6 privee de I'algorrthme de la paire de cl6s pri- 
vee-publique, de telle sorte que ladite cle pu- 
blique soit disponible dans chaque zone secu- 
risee ou le programme P sera charge et execu- 
te. 

2. Proc6de pour charger un programme, certifte con- 
form6ment au proc6d6 de la revendication 1 , de- 
puis une m6moire externe dans une zone securisee 
en vue de son execution dans la zone s6curis6e, le 
proc6de comprenant les phases qui consistent a : 

demander a un systeme d'exploitation residant 
dans la zone securisee de charger un program- 
me certifie ; 

r6cup6rer le programme certifie de la meYnoire 
externe pour le placer dans la m6moire en mo- 
de proteg6 du systeme d'exploitation ; 
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dans la m6moire en mode protege dans la zone 
securisee, separer la signature numerique 
DPN de I'objet PN du programme certlfl6 ; 

verifier, en utilisant la c\6 publique correspon- 5 
dant a la cle privee de Talgorithme de la paire 
de cles privee-publique qui a 6t6 utilise pour en- 
gendrer DPN, que la signature numerique DPN 
est une signature valable pour I'objet PN ; 

10 

separer un programme P d'un nom N de I'objet 
PN ; 

charger le programme P dans la memoire pour 
son execution ; 15 

enregistrer le nom N dans la memoire prot6g6e 
du systeme d'exploitation pour I'utiliser ulte- 
rieurement le programme P a acc6der a un fi- 
chierde donnees enregistre dans une memoire 20 
dans la zone securisee. 

3. Procede selon la revendication 2 comprenant en 
outre les phases suivantes : 

25 

recevoir sur le systeme d'exploitation, une re- 
quete du programme P demandant I'acces a un 
objet de donnees ; 

recuperer dans la memoire protegee le nom N 30 
du programme P ; 

recuperer dans I'objet de donnees D un nom de 
proprietaire n ; 

35 

comparer le nom N et le nom du proprietaire n ; 

autoriser le programme P a acceder a I'objet de 
donnees D quand le nom N et le nom de pro- 
prietaire n correspondent ; et 40 

refuser au programme P I'acces a I'objet de 
donnees D quand le nom N et le nom de pro- 
prietaire n ne correspondent pas. 

45 

4. Appareil pour certifier I'authenticite d'un program- 
me P pour que le programme P puisse etre enre- 
gistre en externe dans une zone s6curisee et char- 
ge sur et execute dans la zone securisee, compre- 
nant: so 

un moyen pour choisir un nom unique N pour 
le programme P ; 

un moyen pour combiner N et P en un seul objet 55 
continu PN ; 

un moyen pourcalculer une signature numeri- 



que DPN a partir de PN en utilisant la cle priv6e 
d'un algorithme de paire de cles privee- 
publique ; 

un moyen pour rattacher la signature numeri- 
que DPN a I'objet PN pour obtenir un program- 
me certifte ; 

un moyen pour distribuer une cle publique, cor- 
respondant a la cle privee de Talgorithme de la 
paire de cles privee-publique, de telle sorte que 
ladite cle publique soit disponible dans chaque 
zone securisee ou le programme P sera charg6 
et execute. 

5. Appareil pour charger un programme, certifie con- 
formement au procede de la revendication 1, de- 
puis une memoire externe dans une zone securisee 
en vue de son execution dans la zone securisee, 
comprenant: 

un moyen pour demander a un systeme d'ex- 
ploitation resident de la zone securisee de 
charger un programme certifi6 ; 

un moyen pour recuperer le programme certifte 
de la memoire externe pour le placer dans la 
memoire en mode protege du systeme 
d'exploitation ; 

un moyen pour separer la signature numerique 
DPN de I'objet PN du programme certifie, dans 
la memoire en mode protege dans la zone 
securisee ; 

un moyen pour verifier, en utilisant la cle publi- 
que correspondant a la cle privee de I'algorith- 
me de la paire de cl6s privee-publique qui a ete 
utilise pour engendrer DPN, que la signature 
numerique DPN est une signature valable pour 
I'objet PN ; 

un moyen pour separer un programme P d'un 
nom N de I'objet PN; 

un moyen pour charger le programme P dans 
la memoire pour son execution ; 

un moyen pour enregistrer le nom N dans la 
memoire protegee du systeme d'exploitation 
pour I'utiliser uiterieurement le programme P a 
acceder a un fichier de donnees enregistn* 
dans une mdmoire dans la zone securisee. 

6. Appareil selon la revendication 5 comprenant en 
outre : 

un moyen pour recevoir sur le systeme d'ex- 
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ploitation, une requite du programme P de- 
mandant I'acces a un objet de donnees ; 

un moyen pour recuperer dans la memoire pro- 
tegee le nom N du programme P ; 5 

un moyen pour recuperer dans I'objet de don- 
nees D un nom de proprietaire n ; 

un moyen pour comparer le nom N et le nom io 
du proprietaire n ; 

un moyen pour autoriser le programme P a ac- 
ceder a I'objet de donnees D quand le nom N 
et le nom de proprietaire n correspondent et, 15 
pour refuser au programme P I'acces a I'objet 
de donnees D quand le nom N et le nom de 
proprietaire n ne correspondent pas. 

7. Produit de programme informatique comportant un 20 
support lisible par ordinateur sur lequel est enregis- 
tree une logique de programme informatique ser- 
vant a verifier I'authenticite d'un programme P pour 
que le programme P puisse etre enregistre en ex- 
ternedans une zone securisee et charge sur etexe- 25 
cute dans la zone securisee, le produit de program- 
me comprenant : 

un moyen pour choisir un nom unique N pour 

le programme P ; 30 

un moyen pourcombiner N et P en un seul objet 
continu PN ; 

un moyen pourcalculer une signature numeri- 
que DPN a partir de PN en utilisant la cle privee 
d'un algorithme de paire de cles privee- 
publique ; 

un moyen pour rattacher la signature numeri- 40 
que DPN a I'objet PN pour obtenir un program- 
me certif ie ; 

un moyen pour distribuer une cle publique, cor- 
respondent a la cle privee de I'algorithme de la 45 
paire de cles privee-publique, de telle sorte que 
ladite cle publique soit disponible dans chaque 
zone securisee ou le programme P sera charge 
et execute. 

50 

8. Produit de programme informatique comportant un 
support lisible par ordinateur sur lequel est enregis- 
tree une logique de programme informatique ser- 
vant a charger un programme, certifie conforme- 
ment au procede de la revendication 1 , depuis une ss 
memoire externe dans une zone securisee en vue 

de son execution dans la zone securisee, le produit 
de programme comprenant : 



un moyen pour demander a un systeme d'ex- 
ploitation resident dans la zone securisee de 
charger un programme certifie ; 

un moyen pour recuperer le programme certifie 
dans la memoire externe pour le placer dans la 
m6moire en mode protege du systeme 
d 'exploitation ; 

un moyen pour separer la signature num6rique 
DPN de I'objet PN du programme certifie, dans 
la memoire en mode protege dans la zone 
securisee ; 

un moyen pour verifier, en utilisant la cle publi- 
que correspondant a la cle privee de I'algorith- 
me de la paire de cles privee-publique qui a ete 
utilise pour engendrer DPN, que la signature 
numerique DPN est une signature valable pour 
I'objet PN ; 

un moyen pour separer un programme P d'un 
nom N de I'objet PN ; 

un moyen pour charger le programme P dans 
la memoire pour son execution ; 

un moyen pour enregistrer le nom N dans la 
memoire protegee du systeme d'exploitation 
pour I'utiliser ulterieurement le programme P a 
acceder a un fichier de donnees enregistre 
dans une memoire dans la zone securisee. 



un moyen pour, recevoir sur le systeme d'ex- 
ploitation, une requete du programme P de- 
mandant I'acces a un objet de donnees ; 

un moyen pour recuperer dans la memoire pro- 
tegee le nom N du programme P ; 

un moyen pour recuperer dans I'objet de don- 
nees D un nom de proprietaire n ; 

un moyen pour comparer le nom N et le nom 
du proprietaire n ; 

un moyen pour autoriser le programme P a ar- 
ceder a I'objet de donnees D quand le nom N 
et le nom de proprietaire n correspondent et, 
pour refuser au programme P I'acces a I'objet 
de donnees D quand le nom N et le nom de 
proprietaire n ne correspondent pas. 



9. Produit de programme selon la revendication 8 
35 comprenant en outre 
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